CentOS 7 Server Deployment Cookbook

Table of Contents

CentOS 7 Server Deployment Cookbook

Credits

About the Author

About the Reviewer

www.PacktPub.com

Why subscribe?

Preface

What this book covers

What you need for this book

Who this book is for

Sections

Getting ready

How to do it…

How it works…

There's more…

See also

Conventions

Reader feedback

Customer support

Errata

Piracy

Questions

1. Getting Started with CentOS

Introduction

Installing CentOS using Anaconda in graphics mode

Getting ready

How to do it...

How it works...

See also

Installing CentOS using Anaconda in text mode

Getting ready

How to do it...

How it works...

See also

Coordinating multiple installations using Kickstart

Getting ready

How to do it...

How it works...

See also

Running a cloud image with Amazon Web Services' EC2

Getting ready

How to do it...

How it works...

See also

Installing a container image from the Docker Registry

Getting ready

How to do it...

How it works...

See also

Installing the GNOME desktop

Getting ready

How to do it...

How it works...

See also

Installing the KDE Plasma desktop

Getting ready

How to do it...

How it works...

See also

2. Networking

Introduction

Setting a static IP address

Getting ready

How to do it...

How it works...

See also

Binding multiple addresses to a single Ethernet device

Getting ready

How to do it...

How it works...

See also

Bonding two Ethernet devices

Getting ready

How to do it...

How it works...

See also

Configuring the network firewall with FirewallD

Getting ready

How to do it...

How it works...

See also

Configuring the network firewall using iptables

Getting ready

How to do it...

How it works...

See also

Installing a DHCP server

Getting ready

How to do it...

How it works...

See also

Configuring an NFS server to share a filesystem

Getting ready

How to do it...

How it works...

See also

Configuring an NFS client to use a shared filesystem

Getting ready

How to do it...

How it works...

See also

Serving Windows shares with Samba

Getting ready

How to do it...

How it works...

See also

3. User and Permission Management

Introduction

Escalating privileges with sudo

Getting ready

How to do it...

How it works...

See also

Enforcing password restrictions

Getting ready

How to do it...

How it works...

See also

Setting default permissions for new files and directories

Getting ready

How to do it...

How it works...

See also

Running binaries as a different user

Getting ready

How to do it...

How it works...

See also

Working with SELinux for greater security

Getting ready

How to do it...

How it works...

See also

4. Software Installation Management

Introduction

Registering the EPEL and Remi repositories

Getting ready

How to do it...

How it works...

See also

Prioritizing repositories using the Priorities plugin

Getting ready

How to do it...

How it works...

See also

Automating software updates with yum-cron

Getting ready

How to do it...

How it works...

See also

Verifying installed RPM packages

Getting ready

How to do it...

How it works...

See also

Compiling a program from source

Getting ready

How to do it...

How it works...

See also

5. Managing Filesystems and Storage

Introduction

Viewing the size of files and available storage

Getting ready

How to do it...

How it works...

See also

Setting storage limits for users and groups

Getting ready

How to do it...

How it works...

See also

Creating a RAM disk

Getting ready

How to do it...

How it works...

See also

Creating a RAID

Getting ready

How to do it...

How it works...

See also

Replacing a device in a RAID

Getting ready

How to do it...

How it works...

See also

Creating a new LVM volume

Getting ready

How to do it...

How it works...

See also

Removing an existing LVM volume

Getting ready

How to do it...

How it works...

See also

Adding storage and growing an LVM volume

Getting ready

How to do it...

How it works...

See also

Working with LVM snapshots

Getting ready

How to do it...

How it works...

See also

6. Allowing Remote Access

Introduction

Running commands remotely through SSH

Getting ready

How to do it...

How it works...

See also

Configuring a more secure SSH login

Getting ready

How to do it...

How it works...

See also

Securely connecting to SSH without a password

Getting ready

How to do it...

How it works...

See also

Restricting SSH access by user or group

Getting ready

How to do it...

How it works...

See also

Protecting SSH with Fail2ban

Getting ready

How to do it...

How it works...

See also

Confining sessions to a chroot jail

Getting ready

How to do it...

How it works...

See also

Configuring TigerVNC

Getting ready

How to do it...

How it works...

See also

Tunneling VNC connections through SSH

Getting ready

How to do it...

How it works...

See also

7. Working with Databases

Introduction

Setting up a MySQL database

Getting ready

How to do it...

How it works...

See also

Backing up and restoring a MySQL database

Getting ready

How to do it...

How it works...

See also

Configuring MySQL replication

Getting ready

How to do it...

How it works...

See also

Standing up a MySQL cluster

Getting ready

How to do it...

How it works...

See also

Setting up a MongoDB database

Getting ready

How to do it…

How it works...

See also

Backing up and restoring a MongoDB database

Getting ready

How to do it...

How it works...

See also

Configuring a MongoDB replica set

Getting ready

How to do it...

How it works...

See also

Setting up an OpenLDAP directory

Getting ready

How to do it...

How it works...

See also

Backing up and restoring an OpenLDAP database

Getting ready

How to do it...

How it works...

See also

8. Managing Domains and DNS

Introduction

Setting up BIND as a resolving DNS server

Getting ready

How to do it...

How it works...

See also

Configuring BIND as an authoritative DNS server

Getting ready

How to do it...

How it works...

See also

Writing a reverse lookup zone file

Getting ready

How to do it...

How it works...

See also

Setting up a slave DNS server

Getting ready

How to do it...

How it works...

See also

Configuring rndc to control BIND

Getting ready

How to do it...

How it works...

See also

9. Managing E-mails

Introduction

Configuring Postfix to provide SMTP services

Getting ready

How to do it...

How it works...

See also

Adding SASL to Postfix with Dovecot

Getting ready

How to do it...

How it works...

See also

Configuring Postfix to use TLS

Getting ready

How to do it...

How it works...

See also

Configuring Dovecot for secure POP3 and IMAP access

Getting ready

How to do it...

How it works...

See also

Targeting spam with SpamAssassin

Getting ready

How to do it...

How it works...

See also

Routing messages with Procmail

Getting ready

How to do it...

How it works...

See also

10. Managing Web Servers

Introduction

Installing Apache HTTP Server and PHP

Getting ready

How to do it...

How it works...

See also

Configuring name-based virtual hosting

Getting ready

How to do it...

How it works...

See also

Configuring Apache to serve pages over HTTPS

Getting ready

How to do it...

How it works...

See also

Enabling overrides and performing URL rewriting

Getting ready

How to do it...

How it works...

See also

Installing NGINX as a load balancer

Getting ready

How to do it...

How it works...

See also

11. Safeguarding Against Threats

Introduction

Sending messages to Syslog

Getting ready

How to do it...

How it works...

See also

Rotating log files with logrotate

Getting ready

How to do it...

How it works...

See also

Using Tripwire to detect modified files

Getting ready

How to do it...

How it works...

See also

Using ClamAV to fight viruses

Getting ready

How to do it...

How it works...

See also

Checking for rootkits with chkrootkit

Getting ready

How to do it...

How it works...

See also

Using Bacula for network backups

Getting ready

How to do it...

How it works

See also

12. Virtualization

Introduction

Creating a new virtual machine

Getting ready

How to do it...

How it works...

See also

Cloning a virtual machine

Getting ready

How to do it...

How it works...

See also

Adding storage to a virtual machine

Getting ready

How to do it...

How it works...

See also

Connecting USB peripherals to a guest system

Getting ready

How to do it...

How it works...

See also

Configuring a guest's network interface

Getting ready

How to do it...

How it works...

See also

CentOS 7 Server Deployment Cookbook

CentOS 7 Server Deployment Cookbook

Copyright © 2016 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

First published: September 2016

Production reference: 1270916

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham 

B3 2PB, UK.

ISBN 978-1-78328-888-5

www.packtpub.com

Credits

About the Author

Timothy Boronczyk is a native of Syracuse, New York, where he works as a lead developer at Optanix, Inc. (formerly ShoreGroup, Inc.). He's been involved with web technologies since 1998, has a degree in Software Application Programming, and is a Zend Certified Engineer. In what little spare time he has left, Timothy enjoys hanging out with friends, studying Esperanto, and sleeping with his feet off the end of the bed. He's easily distracted by shiny objects.

About the Reviewer

Mitja Resman comes from a small, beautiful country called Slovenia, located in southern Central Europe. Mitja is a fan of Linux and is an open source enthusiast. Mitja is a Red Hat Certified Engineer and Linux Professional Institute professional. Working as a system administrator, Mitja got years of professional experience with open source software and Linux system administration on local and international projects worldwide. The swiss army knife syndrome makes Mitja an expert in the field of VMware virtualization, Microsoft system administration, and lately, also Android system administration.

Mitja has a strong desire to learn, develop, and share knowledge with others. This is the reason he started a blog called GeekPeek.Net (https://geekpeek.net/). GeekPeek.Net provides CentOS Linux guides and How to articles covering all sorts of topics appropriate for beginners and advanced users. He wrote a book, CentOS High Availability by Packt Publishing, covering the topic of how to install, configure, and manage clusters on CentOS Linux.

Mitja is also a devoted father and husband. His two daughters and wife are the ones who take his mind off the geek stuff and make him appreciate life, looking forward to things to come.

www.PacktPub.com

For support files and downloads related to your book, please visit www.PacktPub.com.

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at service@packtpub.com for more details.

At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.

https://www.packtpub.com/mapt

Get the most in-demand software skills with Mapt. Mapt gives you full access to all Packt books and video courses, as well as industry-leading tools to help you plan your personal development and advance your career.

Why subscribe?

Fully searchable across every book published by Packt

Copy and paste, print, and bookmark content

On demand and accessible via a web browser

Preface

For over a decade, the CentOS project has provided the community with a free, enterprise-grade operating system through the rebranding and recompilation of the Red Hat Enterprise Linux source. Since CentOS users rely almost exclusively on the community for their support needs, I was keen to write this book when Packt approached me about the project's latest release, CentOS 7. The recipes we chose cover a wide range of topics, from getting started to managing many common web services, and hopefully administrators of any skill level will find something of interest.

However, writing a book is a huge undertaking. Because of this, I want to thank the staff at Packt, my family, and my friends, for their support. The dog needs to be taken for a walk, family engagements need attending, and emergencies arise at the workplace. Without the understanding and encouragement of those around me and the editorial staff, you wouldn't be reading this book.

What this book covers

The recipes presented in this book aim to make even the most difficult configuration tasks easy by providing step-by-step instructions and discussion. Here's a quick rundown of what you can expect from each of the 12 chapters.

Chapter 1, Getting Started with CentOS, contains recipes for installing CentOS using graphical, text-based, and kick-start approaches. How to set up a CentOS platform for projects running Docker and on Amazon Web Services is also discussed.

Chapter 2, Networking, contains recipes to help you complete common networking tasks, such as how to set up a static IP address, assign multiple addresses to a single network interface, bond multiple interfaces with the same address, and configure the system's firewall using FirewallD and iptables. It also presents recipes for configuring network services such as DHCP, NFS, and Samba.

Chapter 3, User and Permission Management, shows you how to increase the security of your system by enforcing password restrictions, adjusting the default permissions given to newly created files and directories, and the use of sudo to avoid circulating the root password. How to work with SELinux is also discussed.

Chapter 4, Software Installation Management, provides recipes focused on working with software repositories and installing software. You'll learn how to register the EPEL and Remi repositories, prioritize the repositories packages are installed from, and update your software automatically. You'll also learn how to compile and install software from source code.

Chapter 5, Managing Filesystems and Storage, presents recipes that show you how to set up and work with RAID and with LVM. These services leverage your system's storage to maintain availability, increase reliability, and to keep your data safe against inevitable disk failures.

Chapter 6, Allowing Remote Access, aims to help you provide remote access to your CentOS system in a secure manner. Its recipes cover using SSH, configuring a chroot jail, and tunneling VNC connections through an encrypted SSH tunnel.

Chapter 7, Working with Databases, collects recipes that provide you with the necessary steps to get started with various database services such as MySQL, MongoDB, and OpenLDAP. You'll also learn how to provide backup and redundancy for these services.

Chapter 8, Managing Domains and DNS, takes us into the world of DNS. The recipes show you how to set up a resolving DNS server to decrease latency caused by domain lookups and how to manage your own domain with an authoritative DNS server.

Chapter 9, Managing E-mails, will help you set up your own mail server. The recipes discuss configuring Postfix to provide SMTP services, configuring Dovecot to provide IMAP and POP3 services, and securing these services with TLS. You'll also find instructions on how to set up SpamAssassin to help reduce unsolicited bulk e-mails.

Chapter 10, Managing Web Servers, contains recipes about configuring Apache to server web content. You'll learn how to set up name-based virtual hosting, server pages over HTTPS, and perform URL rewriting. How to set up NGINX as a load balancer is also discussed.

Chapter 11, Safeguarding Against Threats, contains recipes to help protect the investment you've made in your CentOS server. They cover logging, threat monitoring, virus and rootkits, and network backups.

Chapter 12, Virtualization, shows you how CentOS can function as a host operating system to one or more virtualized guests. This allows you to take better advantage of your hardware resources by running multiple operating systems on the same physical system.

What you need for this book

To follow the recipes in this book, first and foremost you'll need a system capable of running CentOS 7. The minimum requirements (and maximum capabilities) are documented in the Red Hat Enterprise Linux knowledge base available online at https://access.redhat.com/articles/rhel-limits. In brief, you'll need a system that has the following:

x86_64 processor (RHEL/CentOS 7 does not support x86)

1 GB RAM

8 GB Disk capacity

Apart from a system to install CentOS on, you'll also need a copy of the CentOS installation media and a working network connection. You can download a copy directly from https://www.centos.org/download/ or using BitTorrent.

Who this book is for

This book is for Linux professionals with basic Unix/Linux functionality experience, perhaps even having set up a server before, who want to advance their knowledge in administering various services.

Sections

In this book, you will find several headings that appear frequently (Getting ready, How to do it..., How it works..., There's more..., and See also).

To give clear instructions on how to complete a recipe, we use these sections as follows.

Getting ready

This section tells you what to expect in the recipe, and describes how to set up any software or any preliminary settings required for the recipe.

How to do it…

This section contains the steps required to follow the recipe.

How it works…

This section usually consists of a detailed explanation of what happened in the previous section.

There's more…

This section consists of additional information about the recipe in order to make the reader more knowledgeable about the recipe.

See also

This section provides helpful links to other useful information for the recipe.

Conventions

In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.

Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: The repositories' configuration files are found in the /etc/yum.repos.d directory.

A block of code is set as follows:

    [sshd]

    enabled=true

    bantime=86400

    maxretry=5

Any command-line input or output is written as follows:

    firewall-cmd --zone=public --permanent --add-service=dns

New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: Select your desired language and click on Continue.

Note

Warnings or important notes appear in a box like this.

Tip

Tips and tricks appear like this.

Reader feedback

Feedback from our readers is always welcome. Let us know what you think about this book-what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of.

To send us general feedback, simply e-mail feedback@packtpub.com, and mention the book's title in the subject of your message.

If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.

Customer support

Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.

Errata

Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books-maybe a mistake in the text or the code-we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title.

To view the previously submitted errata, go to https://www.packtpub.com/books/content/support and enter the name of the book in the search field. The required information will appear under the Errata section.

Piracy

Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.

Please contact us at copyright@packtpub.com with a link to the suspected pirated material.

We appreciate your help in protecting our authors and our ability to bring you valuable content.

Questions

If you have a problem with any aspect of this book, you can contact us at questions@packtpub.com, and we will do our best to address the problem.

Chapter 1. Getting Started with CentOS

This chapter contains the following recipes:

Installing CentOS using Anaconda in graphics mode

Installing CentOS using Anaconda in text mode

Coordinating multiple installations using Kickstart

Running a cloud image with Amazon Web Services' EC2

Installing a container image from the Docker Registry

Installing the GNOME desktop

Installing the KDE Plasma desktop

Introduction

This chapter's recipes focus on getting up and running with CentOS using a variety of installation methods. You'll learn how to perform interactive graphical and text-based installations using Anaconda and perform an unattended installation using Kickstart. You'll also see how to run CentOS in the cloud with Amazon Web Services and in a Docker container image. Most of the recipes in this book take place at the command prompt, but some require a graphical desktop, so we'll finish up with a look at installing the GNOME and KDE Plasma desktops.

Installing CentOS using Anaconda in graphics mode

In this recipe, you'll learn how to install CentOS using the graphical installer Anaconda. This is the most common way that CentOS is installed, although there are other ways too (some of which are discussed in later recipes). This approach is also the easiest installation method, especially for setting up single-server deployments.

Getting ready

This recipe assumes that you have a copy of the CentOS 7 installation medium. If you don't, visit https://www.centos.org and download a minimal ISO image. You'll also need to make a physical disc from the image. Instructions for burning the ISO image to disc can be found at https://www.centos.org/docs/5/html/CD_burning_howto.html.

Tip

If your system doesn't have an optical drive and its BIOS supports booting from a USB device, you can also write the ISO image to a USB stick.

How to do it...

Follow these steps to install CentOS using the graphical installer Anaconda:

Insert the installation disc into your system's optical drive (or USB stick into a USB port) and reboot. The system should boot to the CentOS 7 installation menu:

The installer is launched from the installation menu

Note

If your system doesn't boot to the installation menu then the drive may not be configured as a boot device. The exact steps to verify and adjust the configuration vary between BIOS vendors, but in general you'll press Esc, F1, F2, or Delete while the system is booting to gain access to the BIOS settings. Then you'll find the list of boot devices and change the order in which each is searched for a boot record.

Using the arrow keys, make sure that the Install CentOS 7 option is highlighted and press Enter.

The WELCOME TO CENTOS 7 screen confirms which language to use during the installation process. Select your desired language and click on Continue:

You can change the